1. Selfie photos with security badges in the frame.

Watch out for Gen Z! People of this demographic are “digital natives” who are smartphone-savvy and have a propensity to share just about anything, including information that compromises security. Beware of the selfie photo that allows a hacker to duplicate a security badge.

2. Out-of-office replies.

These should be short and sweet. You don’t need to share your travel destinations or the time range of your absence. Most of all, skip the part about whom to contact about a specific project while you’re out. The person filling in for you will probably be overwhelmed with the extra duties and, without sufficient knowledge of your project, is likely to fall victim to phishing, vishing, and smishing. Here’s an excellent source on all three: https://security.intuit.com/index.php/protect-your-information/phishing-pharming-vishing-and-smishing

3. Detailed job postings.

Avoid writing every technical detail about your company in job postings, such as the software you use, the way you authenticate external users, firewalls, etc. Technical and social engineering information makes it much easier for hackers to access your systems. Be appropriately vague by omitting brand names, methods, and algorithms specific to your company.

4. Verify callers.

Your service personnel are trained to be courteous and helpful to callers without asking them for too much information. After all, you wouldn’t want to drive away any current or future customers. Unfortunately, those days are long gone. The person calling your front desk could be a scammer, and your friendly client-facing staff are easy prey unless trained to be vigilant. Always verify the caller before taking an order or sharing any information.

5. Reducing security.

Some staff members simply don’t understand that a hack can mean saying goodbye to their job. According to multiple sources including Forbes.com, 60% of small companies shut down within one year after a cyber-attack. Train your IT staff or outsourced IT providers to refuse orders from staff requesting a reduction in security measures, such as turning off two-factor authentication, opening firewall ports for remote access, and easing password protocols.